PKI and Ecommerce Significance - Coursework Example

PKI and Ecommerce Significance This paper presents analysis of the public key infrastructure and associated X. 509 certificates. The main area of discussion in this research will be the analysis of the external and internal e-commerce systems that can be secured using PKI, ecommerce significance and potential benefits of PKIs. According to Weise (2001) a public key infrastructure or PKI facilitates users of a mainly unsecure public network like that internet to strongly and securely exchange information and data as well as money through the utilization of a public and a private cryptographic key combination that is acquired and shared in the course of a trusted authority. In addition, the PKI offers a digital certificate that is capable to recognize a person or a corporation as well as directory services that could be stored and revoked as needed through the certificates. However, the mechanism of a public key infrastructure is normally recognized through numerous diverse vendor techniques and services (Weise; Brown, Nieto and Boyd). Brayton, Finneman, Turajski, & Wiltsey (2006) outlined that PKI is an application of public key cryptography that is the extensively used technique on the internet for encrypting a message or validating a message to sender. In addition, conventional cryptography has typically concerned with the formation as well as sharing a secret key intended for the decryption and encryption of messages. However, these private and secret key structures have the considerable fault that if the key is revealed or captured by someone else, the basic messages could be easily decrypted. Therefore, PK cryptography or PKI is the favorable technique on the internet. The private key structure is normally recognized as symmetric cryptography and the public key method like an asymmetric cryptography (Brayton, Finneman and Turajski; Levi, Caglayan and Koc). PKI and X. 509 certificates According to Adams & Farrell (1999) in cryptography the X.509 is an ITU-T standard intended for a PKI intended for SSO (single sign-on) and PMI (Privilege Management Infrastructure). In addition, the X.509 identifies with a standard formats support of public key certificate revocation lists, certificates, certification path and attributes certificates validation algorithm (Adams and Farrell; Hutchinson and Sawyer). According to Ford & Polk (1999), in X.509 structure, a CA presents a certificate compulsory for a PK to a particular distinguished name in the X.500 practice, or to an alternative name like that as an a DNS-entry or e-mail address (Ford and Polk). As Adams & Farrell (1999) stated that X.509 is as well comprises principles intended for CRL (or certificate revocation list) establishment, a frequently ignored feature of public key infrastructure systems. In addition, the IETF standard method of inspecting a certificates strength is the OCSP (Online Certificate Status Protocol). And, Firefox 3 allows online certificate status protocol inspection through default (Adams and Farrell). Ecommerce systems security using PKI Sant (1999) stated that public key cryptography is mainly grown-up technology available for ecommerce based security. The certificate authority offered through the PKI basically provides as a trusted third party. In addition, the certificate authority validates a user according to particular measures, as well as concerns a certificate group of together private and public keys. However, the private key is normally produced on the user’s system, as well as never leaves that system. Thus, this defends the private key as a result that it never desires to navigate the overall ecommerce network. Through the private key could also be secluded through a pass expression, Therefore, the people can not covertly eliminate the private key. Furthermore, for higher security, the private key could be stored on a hardware security token, like that a smart card, that is transferable as well as could be utilized on numerous computers (Sant). According to Sant (1999), a public key infrastructure is a reliable, strong technology intended for protecting ecommerce data and information transmission or distribution throughout the internet. However, it is common in corporations for protecting e-commerce, although the PKI technology offers far more worth that still is not recognized. For instance, public key infrastructure technology offers digital certificates that recognize ecommerce organization and business by means of unique digital IDs. Furthermore, the infrastructure of public key technology facilitates the delivery of requirements intended for certificates, revokes certificates and issues certificates. In core, public key infrastructure offers a channel of trust (Sant; Laudon and Laudon). In public key infrastructure an ecommerce transaction is encrypted through a public key, as well as decrypted through a private key. In addition, the public key is extensively spread, although simply the receiver has the private key. For verification (establishing the identity of the transmitter, as simply the transmitter has the exact key) the hidden/encrypted message is encrypted once more, however this time by means of a private key. Similar measures form the foundation of RSA (employed through banks as well as governments) and pretty good privacy, utilized to encrypt ecommerce data (Sant). Self-signed and commercially signed certificates SSL certificates are significant for establishing an encrypted connection/link between a server and client. In addition, the clients that acknowledge a signed SSL certificate will be capable to set up an encrypted link with the server. Also, the encrypted links are employed through webmasters to build protected websites, similar to e-commerce websites, wherever additional safety is essential to avoid eavesdropping (Vedetta). Furthermore, the Self signed certificate of X.509 version-1 certificates are intended to handle key-stores. Also, the certificates and keys are employed to digitally sign applications and applets (Sun). Non-repudiation and E-commerce Non-Repudiation is the declaration that somebody cannot disallow something. Normally, non-Repudiation refers to the capability to make certain that a party to an agreement or a communication cannot reject the dependability of their mark on a certificate or the transaction of a message that they created. For a lot of years, establishment has required to build repudiation unfeasible in a number of circumstances. In addition, we might transmit registered mail, intended for instance; therefore the receiver cannot reject that a letter that was delivered. Likewise, an authorized document normally necessitates witnesses to signing therefore that the person who signs is nor able to reject that (TechTarget). For ecommerce as well as for the other online transactions there must be need for secure transaction. In addition, in these transactions, both the sender and transmitter parties are (authentication), as well as transaction are confirmed as final. Also, the systems have to make sure that a party could not consequently reject an ecommerce transaction. Furthermore, to secure and guarantee digital trust, the sender and receiver systems can make use of digital signatures, those will not simply verify the sender, however will also ‘time stamp’ the web based transaction (Onieva, Zhou and Lopez). Implementation of PKI Khusial & McKegney (2005) stated that reimbursements of PKI are extensively reliant on the security strategy that validates them. However, exclusive of an effectively developed as well as maintained strategy a PKI will possibly fail and reason additional damage than good. In addition, the technologies comprised in PKI execution however are not limited to; IPSec, SSL, cryptography, S/MIME and digital signatures, even biometric authentication and smart card. In general, the business needs to recognize how PKI will develop the integrity, confidentiality and accessibility of the business as well as its ecommerce structure (Khusial and McKegney). According to Lam, Chung, Gu, & Sun (2003), the confidentiality regarding the PKI will guarantee that financial transactions among the customer and business and from the business to business are protected by means of SSL. In addition, the privacy is as well enhanced in email transmissions for the reason that digital records like that X.509 employed in S/MIME, are utilized to encrypt the message consequently that simply the recipient is able to view the message (Lam, Chung and Gu). The PKI significantly augments the reliability of the organization’s performance and consequently ensures high levels of reliability. In addition, without a PKI based facilities web based and ecommerce transactions are transmitted in obvious text permitting not simply for 3rd parties to take information, however to as well further pretense like the company with harming the corporate reputation (Lam, Chung and Gu). However, the reality is that a PKI will perform the exact contradictory. In addition, without PKI the corporation would not be able to stop a hateful attack. If PKI is in position then hateful attacks would be typically prohibited permitting the company to carry on usually from routine. Consequently, the PKI permits for superior scalability of the network through bringing in VPN ability by means of SSL or IPSec permitting for enlargement in detached geographical locations (Lam, Chung and Gu). Conclusion This paper has presented a detailed analysis of the PKI and associated certificated. In this paper I have outlined some of the main areas and aspects of the PKI and its implementation areas. This paper has concluded that PKI based web security has turned out to be a vital part of online ecommerce. I hope this paper will offer an insight into the different aspects and areas of the PKI implementation, analysis and operating. Bibliography Adams, C. and S. Farrell. "Internet X.509 Public Key Infrastructure Certificate Management Protocols ." 1999. 03 February 2010 . Brayton, Jim, et al. "What is PKI?" 10 October 2006. TechTarget.com. 03 February 2010 . Brown, Jaimee, Juan M. Gonzalez Nieto and Colin Boyd. "fficient and secure self-escrowed public-key infrastructures." ASIAN ACM Symposium on Information, Computer and Communications Security, Proceedings of the 2nd ACM symposium on Information, computer and communications security. Singapore : ACM New York, USA , 2007. pp. 284 - 294. Ford, W. and W. Polk. "Internet X.509 Public Key Infrastructure Certificate and CRL Profile." 1999. 03 February 2010 . Hutchinson, Sarah E. and Stacey C. Sawyer. Computers, Coomunications, Information A users Introduction, 7th Edition. New York: Irwin/McGraw-Hill, 2000. Khusial, Darshanand and Ross McKegney. e-Commerce security: Attacks and preventive strategies. 13 April 2005. 03 February 2010 . Lam, Kwok-Yan, et al. "Security middleware for enhancing interoperability of Public Key Infrastructure." Computers & Security, Volume 22, Issue 6 (2003): pp. 535-546. Laudon, Kenneth. C. and Jane. P. Laudon. Management Information Systems, Sixth Edition. New Jersey: Prentice Hall , 1999. Levi, Albert, M. Ufuk Caglayan and Cetin K. Koc. "Use of nested certificates for efficient, dynamic, and trust preserving public key infrastructure ." Transactions on Information and System Security (TISSEC) , Volume 7 Issue 1 (2004): 21-59. Onieva, Jose A., et al. "Agent-mediated non-repudiation protocols." Electronic Commerce Research and Applications Volume 3, Issue 2, (2004): 152-162 . Sant, Chris Van. "E-COMMERCE SECURITY How Much is Enough?" 1999. 03 February 2010 . Sun. "X.509 Certificates and Certificate Revocation Lists (CRLs)." 2001. Sun.com. 03 February 2010 . TechTarget. "Nonrepudiation." 2009. TechTarget.com. 03 February 2010 . Turban, Efraim, et al. Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley, 2005. Vedetta. "Self-signed SSL certificates vs commercial SSL certificates: How Mozilla is killing self-signed certificates." 2008. 03 February 2010 . Weise, Joel. "Public Key Infrastructure Overview." 2001. Sun BluePrints™ OnLine. 03 February 2010 . Read More